If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

How To: Packet Capture for Eye P.A. with OS X

Right now, Riverbed's AirPcap NX is the only Wi-Fi capture device that is available for Windows. If you don't have an AirPcap NX, but you have a Mac, you are in luck! OS X includes a great way to get PCAP files for use with Eye P.A. and WireShark.

Open the Wireless Diagnostics Utility

The Wireless Diagnostics utility is buried in the System folder, so use Spotlight to find it. Press Command + Space and Search for "Wireless Diagnostics".

Since OS X has to put the card in monitor mode, it will ask for your password to do so.

Open the Utilities Window

You can click "Window > Utilities", or press "Command + 2" to open it immediately.

Capture all the Things!

Click on the "Frame Capture" tab, select the Wi-Fi channel that you want to capture on, and click "Start". Note that this will put your wireless card into monitor mode, so you won't be able to use it for anything else. When you are finished, click "Stop". A "wcap" file will be placed on the desktop.

Rename the wcap File to pcap

Eye P.A. doesn't open wcap files yet, so rename the filename extension from wcap to pcap. It's silly, we know, so this step will disappear soon.

Move it to Your Windows Machine or Virtual Machine

Move it with Dropbox or BitTorrent Sync to your Windows machine. You could also use a flash drive, burned DVD, floppy disk, or punch card to move it to the other machine, but come on! You can do better than that. Use BitTorrent Sync for a quick and efficient win.

If you are running Windows in a virtual machine on your Mac, set up desktop sharing or drag & drop it into your virtual machine.